The report on security and fundamental freedom on the internet said the penalties imposed should be "proportionate to the infringements committed" and rejected "systematic monitoring and surveillance” of all users’ online activities. It also warned against "certain excessive access restrictions placed by intellectual property holders themselves".

Cutting access to individual customer accounts constitutes a restriction on your customer’s rights to access the benefits from the information society and to exercise their rights to freedom of expression and information. Cutting access should only be done for law enforcement or other legitimate and strictly necessary reasons.

Of course, neither document is itself directly enforceable in Irish law - but both may have a persuasive effect if the issues of filtering and disconnection of users return to the High Court.

Tuesday, March 17, 2009

The Australian communications regulator says it will fine people who hyperlink to sites on its blacklist...

The move by the Australian Communications and Media Authority comes after it threatened the host of online broadband discussion forum Whirlpool last week with a $11,000-a-day fine over a link published in its forum to another page blacklisted by ACMA - an anti-abortion website.

The irony here is that the anti-abortion website was referred to ACMA by an anti-censorship campaigner seeking to demonstrate that the blacklist would be used to censor legitimate political speech. Once he succeeded in this aim, it seems that ACMA became embarrassed by their own actions and are now trying to prevent Australians from viewing the page and deciding for themselves whether ACMA's decisions can be trusted.

In the meantime, here's the ACMA response which they're now trying to censor:

Subject: Complaint Reference: 2009000009/ ACMA-691604278Date: Wed, 21 Jan 2009 15:45:00 +1100From: online@acma.gov.auComplaint Reference: 2009000009/ ACMA-691604278I refer to the complaint that you lodged with the Australian Communications and Media Authority (ACMA) on 5th January 2009 about certain content made available at:

Following investigation of your complaint, ACMA is satisfied that the internet content is hosted outside Australia, and that the content is prohibited or potential prohibited content.

The Internet Industry Association (IIA) has a code of practice (http://www.iia.net.au/index.php?option=com_content&task=view&id=415&Itemid=33) for Internet Service Providers (ISPs) which, among other things, set out arrangements for dealing with such content. In accordance with the code, ACMA has notified the above content to the makers of IIA approved filters, for their attention and appropriate action. The code requires ISPs to make available to customers an IIA approved filter.

Information about ACMA’s role in regulating online content (including internet and mobile content), including what is prohibited or potentially prohibited content is available at ACMA’s website at www.acma.gov.au/hotline

Thank you for bringing this matter to ACMA’s attention.

One point stands out about this response. Similar to the Wikipedia debacle in the UK, material is being blacklisted on the basis that it is "potentially" prohibited - that is to say, ACMA is taking a guess as to what the actual censorship body - the Classification Board - might do if asked to decide on the material.

That link contains photos of aborted foetuses. Gruesome? Certainly. But legitimate political speech seeking to demonstrate what the site argues is the "reality" of abortion? Without a shadow of a doubt - making it remarkable that it should be banned to Australian viewers based on nothing more than a hunch as to what a censorship body might think.

Monday, March 16, 2009

Henry Porter has been one of the most astute observers of the state of civil liberties in the UK in recent years. In this column he paints an alarming picture of how secret databases are already being abused:

The facts are horrifying. The secret database penalised innocent people by storing unverified information about character and abilities, which often prevented them gaining employment. Union membership was a black mark. An electrician from Manchester Steve Acheson believes he was blacklisted because of his union membership and only received 36 weeks employment in the last nine years. He has spoken movingly about the way his character and demeanour have been affected by the lack of work during one of the greatest construction booms ever known...

The bigger point is this: where information about people is gathered in a database without individuals knowing what is held on file or being able to challenge it if they suspect it is wrong or unjust, abuse of their rights is likely to follow. That applies right across the board – from Kerr's seedy operation, run out of anonymous offices in Droitwich, to the big government databases formed or proposed by schemes such as the national identity register, ContactPoint, the e-Borders scheme and the communications superdatabase, which will allow the government to store information on every phone call, email, text message and internet connection.

In a recent judgment, the High Court has now accepted that it has no jurisdiction over a large portion of that litigation.

The issues here are somewhat complex but to summarise: after the action against Bravofly was commenced Ryanair added a second defendant - Travelfusion - to the proceedings, on the basis that they were the "provider of the technical facilities and services necessary to permit the screen-scraping facilities".

Travelfusion, in turn, applied to have the proceedings against it dismissed on the basis that the Irish courts had no jurisdiction to hear the matter under the Brussels Regulation. This argument had two dimensions - first that as an English company with no place of business in Ireland there was no basis for jurisdiction under the Regulation and secondly that the terms of use of the Ryanair website conferred exclusive jurisdiction on the English courts. Ultimately, however, Travelfusion rested its case entirely on the second aspect.

The relevant provision was Clause 7 of the Terms of Use, which provided:

Disputes arising from the use of this website and the interpretation of these Terms of Use of the Ryanair website are governed by English Law. All disputes relating to these Term of Use and the use of the Ryanair Website are subject to the exclusive jurisdiction of the English court, save that Ryanair may, at its sole discretion, institute proceedings in the country of your domicile.

Ryanair conceded that if the clause applied it would determine jurisdiction over all the screen scraping claims - the question was, however, whether the clause took effect as part of an agreement between the parties.

This put Ryanair in a difficult and awkward position. Their claim that screen scraping was prohibited rested in large part on the argument that the terms of use were contractually binding on visitors to the site - if that were so, however, then the clause would take effect and Article 23 of the Brussels Regulation would confer exclusive jurisdiction on the English courts. Travelfusion was also in an awkward position - seeking to assert that the choice of law clause was effective while the remainder of the terms of use were not. As the court noted:

the circumstances giving rise to the issue in this case are highly unusual. The party who has produced the standard form containing a choice of jurisdiction clause is the one saying it does not apply. Equally the party denying that there is any contract at all is the one who is placing reliance on a clause which arises out of a contract alleged by its opponent but denied by it.

Could Travelfusion rely on the choice of law clause while simultaneously denying the existence of a contract? The court's conclusion was that it could. Three factors were important in this outcome. First, it would do no injustice to Ryanair to apply a choice of law clause which it itself had put forward. Secondly, if Ryanair were successful in its claim the choice of law clause would necessarily be contained in any contract. Thirdly, the alternative would be wastefully to litigate the same issue (whether a contract existed) twice - once at the jurisdiction stage and once again at the substantive hearing.

Consequently, the court accepted that the choice of law clause applied and as such Ryanair's action against Travelfusion was struck out. The case against Bravofly, however, remains.

From a practical perspective, this is certainly a cautionary tale for internet businesses - don't assert a choice of law in your website terms of use unless you're happy for it to apply to all claims that might arise out of the use of the website.

(Ryanair's terms of use, incidentally, seem to have been amended since the start of this case in order to head off this type of defence. The current terms of use state "It is a condition precedent to the use of the Ryanair website, including access to information relating to flight details, costs etc., that any such party submits to the sole and exclusive jurisdiction of the Courts of the Republic of Ireland and to the application of the law in that jurisdiction, including any party accessing such information or facilities on their own behalf or on behalf of others.")

Sunday, March 01, 2009

I've written a short piece for today's Sunday Business Post on the implications of the Eircom / IRMA deal for Irish internet users. Unfortunately the Business Post is no longer updating its online content until late on Sunday (in a move to drive sales of the dead tree version?) so you can't see it there yet. In the meantime, here's the story as it was submitted:

Time to oppose an Irish Internet Death Penalty

Banning someone from internet use is a draconian punishment. In an era where internet access is increasingly essential – whether to send an email, look for a job, or book a flight – to deprive a person of this basic right is to seriously disrupt their daily life. In fact, an internet ban is such a sanction that the Irish courts have only ever imposed this punishment in extreme cases involving child pornography.

Yet in a private deal between Eircom and the music industry – a deal which the music industry is now trying to force on other Irish internet service providers – internet bans may become commonplace. The deal has been called “three strikes and you’re out” but it might better be called “three accusations and you’re out” as there would be no trial, no evidence held up to court scrutiny and no right of appeal. Instead, once the music industry makes three allegations that a particular internet user is sharing music then Eircom will disconnect that user, applying what’s often called an internet death penalty while acting as judge, jury and executioner.

What might this deal mean for the Irish internet? We can certainly expect users to be wrongfully accused. The company which the music industry previously used to identify filesharers – MediaSentry – has a track record of false accusations and was recently found to be operating illegally in several US states. As a result, the music industry has recently dumped MediaSentry and turned to Danish firm Dtecnet – but the inherent unreliability of this process remains.

Ironically, Eircom users will be particularly vulnerable to false accusations. In 2007 Eircom supplied up to 250,000 customers with wireless modems whose passwords were insecure. This means that a neighbour or passer by could easily use their broadband without their permission. Should they face an internet ban for the actions of somebody piggybacking on their wireless?

This reflects a broader problem where innocent third parties will be affected. Internet connections are not generally unique to an individual. Instead they’re shared – amongst families and flatmates for example. But three accusations will mean the connection will be shut off for every user so that others will suffer based on the alleged wrongdoing of another.

The deal is also undemocratic. The European Parliament has recently rejected a scheme to disconnect users based on mere accusations. In the United Kingdom similar proposals were ultimately rejected after public consultations and open debate. Here, however, the music industry is trying to foist this system on ISPs in a private deal while bypassing scrutiny by the Oireachtas, the Department of Communications and the democratic process.

In another part of this deal, as well as disconnecting users the music industry also wants Irish ISPs to impose a second type of internet death penalty, by preventing Irish users from reading certain websites. This time there is pretence of legal cover, in that the obligation would be to block websites only where a court order is granted – but the music industry has threatened to sue any ISP which opposes such an order, meaning that any court will hear only one side of the story. The result, if this scheme is allowed to proceed, will be to make ISPs responsible for censoring what their users can view on the internet.

If this precedent is set for the music industry, expect others to follow soon after. The publishing industry, for example, might target Google’s Book Search project which it has claimed infringes copyright. The Church of Scientology already has a track record of trying to silence criticism by claiming that its copyright is infringed by certain sites. Diebold – a US manufacturer of electronic voting machines – has been found by the US courts to have abused copyright law to shut down internet sites in order to conceal flaws in its technology. If Irish ISPs become internet censors then similar plaintiffs can be expected to try their luck here.

Quite apart from civil liberties concerns, there are also commercial costs. If this deal is allowed to proceed it will harm Ireland’s reputation as an internet-friendly country. By requiring companies to police the actions of their users and censor what they can see – a duty which they are not subject to in other jurisdictions such as the United States – it will drive up costs (for both companies and users), harm inward investment and encourage technology firms to relocate elsewhere.

In short, this deal is an unacceptable threat to Irish internet users and businesses. Fortunately, so far only Eircom has signed up. Other ISPs are still considering whether to cave in to the threats of the music industry. There is still time for them to do the right thing and say no to a privatised internet death penalty.

TJ McIntyre is a solicitor, Lecturer in Law in University College Dublin and chairman of Digital Rights Ireland.